He who fights with monsters should be careful lest he thereby become a monster. And if thou gaze long into the abyss, the abyss will also gaze into thee.
---Friedrich Wilhelm Nietzsche

Sunday, January 24, 2010

Day Off

The official schedule is up and it looks like I'll have Sundays off through the big push over the next few weeks. I had expected 7-day weeks, but it looks like we have enough bodies to make that unnecessary. Yesterday morning was crazy-busy, then everything just died. That seems to be the pattern; one rush lasting a couple hours, then everything just stops. Which is good, because there is substantial back-office stuff that has to happen, and it gives us time to keep working on figuring out the software, especially all the little quirks with the state forms. The problem is that we are nowhere near goal, not that goal was ever that reality-based to begin with. Ah well, probably a one-off job anyway.

And just because I love doing taxes so much, I need to start working on our taxes, which will be a mess this year. Nothing like spending what little free time I have doing what I do all day. Not that we actually have any of our forms; other than one interest statement and Debbie's unemployment, we haven't received anything. A lot of people I talk to at work are in the same boat, waiting on W-2's that normally come out the first week or so of January. I'll probably start plugging numbers into the forms this weekend to get a rough idea of where we stand, then wait to actually file until late in February.

And because I'm freakishly ADD, I just stopped typing this, jumped on the internet, grabbed some tax software and plugged in all our 2009 numbers. Not too bad; Uncle Sugar is giving us more money than we paid in by a fair amount. I guess that giant sucking sound you hear is us firmly latched onto the federal teat.

Anyway, other than doing taxes on my one day off this week from doing taxes, we don't have much planned other than a possible walk across the street to the grocery store for bread and snacks. We've both been cleaning out the file cabinet and I'm probably going to start cleaning up the Drobo in preparation for my month-late annual backup as soon as I'm done messing around with this.

Yahoo News had an article this morning about just how bad people are at choosing passwords. Towards the end of the article, they have a couple tips, but it's really not a complete plan for managing personal passwords. But before getting into what we do here, there is one thing that needs to be cleared up. Anyone who has worked someplace "knows" that it is a cardinal sin to ever write down your password. In fact, most places have made doing so a firing offense. And in a work environment where your work space is open to anyone from coworkers to people from other companies to the night janitor, having a password on a sticky note somewhere in your cubicle is a problem.

But the home environment is very different. First, if someone breaks into your home and rifles through everything, you have bigger problems than a stranger logging into your Facebook account and posting insulting messages. If someone has your passport, bank statements, birth certificate, social security card, etc., they pretty much own you. Second, in a work environment, you might have two or three passwords at most. I just counted up ours and we have nearly fifty user ID/password combinations, and we create and/or discover more every day. The only way to remember all of them without writing them down would be to make them all the same. This is what many people do, but there is a big problem with this as well. Your bank may put a great deal of effort into securing your login information from outsiders, but what good does that do if you use the same user ID/password at Bob's Website? Or worse, a web site designed for the sole purpose of harvesting user ID/password combinations?

All that to say this: you will need to write stuff down. Not on sticky notes tacked to your monitor or a sheet of paper taped to the wall. And DO NOT record them in a Word document on your PC. Think old school; a pen and a spiral-bound notebook of some sort. Keep the notebook someplace out of plain sight, but not hidden so well you forget where it is.

With that out of the way, here is what I do. I write down everything I need to get into a site; user ID, password, answers to security questions, or anything else. My brain filled up a long time ago and there simply is no room left. Also, I've mentally divided the websites that require a login into three categories; secure, semi-secure and don't-care. Secure sites are things like on-line banking, credit card sites, that sort of thing. Semi-secure is mostly places that involve purchases and have credit card information. The don't-care's are things like Facebook or Hulu. (Seriously, I can save you the trouble of guessing my password and tell you what I watch on Hulu if you really care.) Don't-care sites have the same password (but not all the same user ID; more on that in a second), semi-secure sites all have the same password that is different than the don't-care one, and secure sites each have their own unique password. So far, that seems to work and strikes a balance between security and convenience. Unless it's been a while since I've visited a site, I don't need to consult the password notebook to log in for routine web tasks, only when I'm getting into a bank or credit card site. YMMV.

Getting back to the article I linked to, picking a password is a bit of an art. Obviously, you should avoid those listed in the article, like 12345 and 123abc. Also avoid using the name of your spouse, kids, parents, friends, significant other, pets, etc. Most articles on passwords tell you to not use words in the dictionary, but I somewhat disagree. My don't-care and semi-secure passwords are nonsense combinations of words with some numbers and/or special characters tossed in. For example, I would consider "squaredance" to be a poor choice, but "unbeliefjupiter" would be good. Toss in some unusual capitalization and/or numbers (unBelif57jupiTer) and you have a fairly strong password that's going to be hard to guess or even brute-force hack. This system also allows fairly long passwords that can still be memorized after using them a few times. But my secure passwords are completely random sequences at least 10 characters long and made up of upper- and lower-case letters and numbers that I get from Perfect Passwords, with a different password (and even different length of password) for every site. I make no attempt to memorize these. Maybe 20 years ago, but no way now.
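For anyone who would rather script it, here is the three-tier scheme above as a small check, plus a generator for the random secure-tier passwords. This is an added example, not something from Perfect Passwords or the article; the tier labels, the 10 to 16 length range and the sample entries are assumptions made up for the illustration.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits   # upper, lower, digits as in the post
TIERS = ("secure", "semi-secure", "dont-care")    # labels assumed for this example

def random_password(min_len=10, max_len=16):
    """Random alphanumeric password; the length itself also varies per call."""
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Insist on all three character classes so site composition rules accept it.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

def audit(entries):
    """entries: (site, tier, password) tuples. Returns a list of policy violations."""
    problems, by_pw = [], defaultdict(list)
    for site, tier, pw in entries:
        if tier not in TIERS:
            problems.append(f"{site}: unknown tier {tier!r}")
            continue
        by_pw[pw].append((site, tier))
        if tier == "secure" and len(pw) < 10:
            problems.append(f"{site}: secure password shorter than 10 characters")
    for uses in by_pw.values():
        tiers = {t for _, t in uses}
        sites = ", ".join(s for s, _ in uses)   # report sites only, never the password
        if len(tiers) > 1:
            problems.append(f"password shared across tiers: {sites}")
        elif tiers == {"secure"} and len(uses) > 1:
            problems.append(f"secure password reused: {sites}")
    return problems

# Constructed sample notebook (not real credentials).
SAMPLE = [
    ("bank", "secure", random_password()),
    ("card", "secure", random_password()),
    ("shop-a", "semi-secure", "unBelif57jupiTer"),
    ("shop-b", "semi-secure", "unBelif57jupiTer"),
    ("video", "dont-care", "unBelif57jupiTer"),   # breaks the scheme: crosses tiers
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```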

And in case anyone is still awake, a few words about user ID's. Most web sites now require you to use a valid e-mail address as a user ID. I understand why they do this, but it does make things slightly easier for the bad guys by making your user ID a gimme. Fortunately, all the sites on my secure list do not do this so I can use something other than the user ID I use other places. I would recommend this whenever possible. I even have a couple different e-mail accounts so there is some variation in user ID's even on don't-care sites.

One last thing before I move on to other topics; those pesky security questions. On don't-care sites, I use real information. On other sites, I fudge the truth somewhat in terms of my birth city or mother's maiden name. Remember, all these things are part of the public record if you know where to look, and increasingly, they can be found online by simply googling someone's name.

Alright. Done with that. Wakey-wake.

In other computer security news, the recent attacks by the Chinese government against Google made use of back-doors the federal government forced Google to write into their code to enable them to comply with search warrants. Yeah, no one saw that one coming.

Regulators shut down banks Friday in Florida, Missouri, New Mexico, Oregon and Washington, bringing to nine the number of bank failures so far in 2010, following 140 closures last year in the toughest economic environment since the Great Depression.

Well, Debbie is sitting here next to me with her glasses on, a bowl of popcorn in her lap, and a glass of lemonade next to her. I guess that means it's time for me to wrap this thing and watch a movie or something.